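<?php
// Entry script: opens the session, loads the project's helper files and
// obtains the database handle used by the rest of the request.
//
// The full opening tag is used instead of the short one. When the
// short_open_tag ini setting is off, a file that starts with the short tag
// is not parsed at all and its source is sent to the client as plain text.
session_start();
include_once("const.php");
include_once("template.php");
include_once("database.php");
include_once("utilities.php");
include_once("help.php");
// getDBConnection() is not defined in this file; presumably it comes from database.php.
$db = getDBConnection();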

/**
 * Execute a PHP file and return what it printed instead of sending it to the client.
 *
 * The file is run with include inside this function's scope, so whatever code
 * it contains executes as part of the current request. The only check made
 * here is is_file(); callers are responsible for making sure $filename cannot
 * be steered to an unintended file.
 *
 * @param string $filename Path of the script to execute.
 * @return string|false Captured output, or false when $filename is not a regular file.
 */
function get_include_contents($filename) {
	if (!is_file($filename)) {
		return false;
	}
	// Capture everything the included script echoes.
	ob_start();
	include($filename);
	// ob_get_clean() returns the buffer contents and discards the buffer in one step.
	return ob_get_clean();
}
/**
 * Report whether a page name is free of the characters this file treats as unsafe.
 *
 * The rejected characters are "/", "'", ".", "?" and "&". Rejecting "/" and
 * "." keeps a name from containing a forward-slash separator or a ".."
 * sequence when it is later placed into an include path.
 *
 * NOTE(review): this is a denylist. Characters not listed here, such as a
 * backslash or a NUL byte, are accepted. An allowlist of the characters that
 * valid page names actually use would be stricter; confirm the permitted
 * alphabet against FileID before tightening.
 *
 * @param string $id Candidate page name.
 * @return bool true when none of the rejected characters occur in $id.
 */
function is_secureID($id){
	foreach (array("/", "'", ".", "?", "&") as $forbidden) {
		if (strpos($id, $forbidden) !== false) {
			// One rejected character is enough to fail the check.
			return false;
		}
	}
	return true;
}

/**
 * Render the page that belongs to a numeric page ID.
 *
 * The ID is translated to a name by FileID::toString(). A name that fails
 * is_secureID() is replaced by "default" before it is placed into the include
 * path, so the name never reaches include unchecked. If the resulting file
 * does not exist, the default page is rendered instead.
 *
 * @param int $id Page ordinal (the caller in this file passes ID0).
 * @return string|false Output of the included page, or false if even the default page is missing.
 */
function getContent($id){
	$name = FileID::toString($id);
	if (!is_secureID($name)) {
		// Unsafe name: fall back to the default page.
		$name = "default";
	}

	$rendered = get_include_contents("webdata/" . $name . ".php");
	if ($rendered !== false) {
		return $rendered;
	}

	// Requested page file not found.
	return get_include_contents("webdata/default.php");
}

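/**
 * HTML-escape every value of a request array and convert it from UTF-8 to ISO-8859-1.
 *
 * Nested arrays are processed recursively at any depth. The previous version
 * handled only one level of nesting, so a parameter such as a[b][c]=x passed
 * an array to htmlspecialchars().
 *
 * Scope of the protection:
 * - Only values are escaped; array keys are returned unchanged and are still
 *   attacker-controlled text.
 * - The escaping targets HTML output only. It does not make a value safe for
 *   SQL, shell or file-path use; those contexts need their own handling.
 *
 * NOTE(review): escaping runs before utf8_decode(), so it sees the bytes as
 * they were before decoding. Decoding first and escaping afterwards would be
 * the more defensive order; the order is left as is here to keep results
 * identical for existing callers.
 *
 * @param array $arr Request data, e.g. $_GET or $_POST.
 * @return array Copy of $arr with the same keys and escaped, decoded values.
 */
function escapeUserInput($arr){
	foreach ($arr as $i => $value) {
		if (is_array($value)) {
			// Recurse so deeper levels are escaped as well.
			$arr[$i] = escapeUserInput($value);
		}
		else {
			$arr[$i] = utf8_decode(htmlspecialchars($value, ENT_QUOTES));
		}
	}
	return $arr;
}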
/**
 * Define the request constants ID0 to ID4 once per request.
 *
 * - If ID0 is already defined, nothing happens.
 * - If the session carries no 'key', or the key does not match SECTOK, the
 *   request is treated as not logged in: ID0 becomes the ordinal of the
 *   "default" page and ID1 to ID4 become -1. Query parameters are ignored.
 * - Otherwise each IDn is intval($_GET['idn']), or -1 when the parameter is
 *   absent. intval() guarantees that the constants hold integers.
 *
 * NOTE(review): the session key is compared with the loose != operator. If
 * both sides are strings, a strict or constant-time comparison would avoid
 * type-juggling surprises; confirm the type of SECTOK before changing it.
 *
 * @return int|null ID0 on the logged-in path, nothing on the other two paths.
 */
function parseIDs(){
	// Constants cannot be redefined, so later calls are no-ops.
	if (defined("ID0")) {
		return;
	}

	$loggedIn = isset($_SESSION['key']) && $_SESSION['key'] == SECTOK;
	if (!$loggedIn) {
		// Not logged in: show the default (login) page.
		define("ID0", FileID::toOrdinal("default"));
		foreach (array(1, 2, 3, 4) as $n) {
			define("ID" . $n, -1);
		}
		return;
	}

	$i = 0;
	while ($i < 5) {
		$param = "id" . $i;
		define("ID" . $i, isset($_GET[$param]) ? intval($_GET[$param]) : -1);
		$i++;
	}
	return ID0;
}
//start business logic
/**
 * Handle one request: escape the request data, resolve the page IDs and print the page.
 *
 * $_GET and $_POST are overwritten with their HTML-escaped form, so all later
 * code in the request sees escaped values. Array keys are not touched by
 * escapeUserInput().
 *
 * @return void
 */
function choseContent(){
	// Replace the raw request data with its escaped form.
	$_POST = escapeUserInput($_POST);
	$_GET = escapeUserInput($_GET);

	// Defines ID0 to ID4 for this request.
	parseIDs();

	$page = getContent(ID0);
	echo getHomepage("", $page);
}



//START PROGRAMM
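choseContent();

// Diagnostic dump ("TESTAUSGABEN" = test output) of the request data, the
// session, the environment and the last MySQL error. It reveals the session
// contents (including the 'key' entry checked in parseIDs), server environment
// variables and database error text to whoever loads the page. It is therefore
// rendered only when SHOW_DEBUG_DUMP is defined and truthy. SHOW_DEBUG_DUMP is
// an opt-in switch introduced with this guard; define it on development hosts only.
$msg = "";
if (defined("SHOW_DEBUG_DUMP") && SHOW_DEBUG_DUMP) {
	// Every dump is HTML-escaped before it enters the page. Array keys and the
	// session, environment and error text are not escaped anywhere else.
	// $_GET and $_POST values were already escaped in choseContent(), so they
	// appear here with their entities visible. The ISO-8859-1 charset argument
	// keeps htmlspecialchars() from rejecting bytes that are not valid UTF-8.
	$msg .= "<br>GET<br>";
	$msg .= htmlspecialchars(print_r($_GET, true), ENT_QUOTES, "ISO-8859-1");
	$msg .= "<br>POST<br>";
	$msg .= htmlspecialchars(print_r($_POST, true), ENT_QUOTES, "ISO-8859-1");
	$msg .= "<br>SESSION<br>";
	$msg .= htmlspecialchars(print_r($_SESSION, true), ENT_QUOTES, "ISO-8859-1");
	$msg .= "<br>";
	$msg .= "<br>ENV<br>";
	$msg .= htmlspecialchars(print_r($_ENV, true), ENT_QUOTES, "ISO-8859-1");
	$msg .= "<br>Mysql<br>";
	$msg .= htmlspecialchars(mysql_error(), ENT_QUOTES, "ISO-8859-1");
	echo tooltip_warning($msg, "TESTAUSGABEN (bitte ignorieren)");
}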
?>


